Commit 33cb6327 authored by Misagh Moayyed

updated docs. updated to 2.0.4

parent e99c39fd
......@@ -196,6 +196,21 @@ The filters are configured to sanitize authentication request parameters and rej
It is **STRONGLY** recommended that all CAS deployments be evaluated and include this configuration if necessary to prevent protocol attacks in situations where the CAS container and environment are unable to block malicious and badly-configured requests.
#### Security Response Headers
As part of the CAS Security Filter, the CAS project automatically provides the necessary configuration to
insert HTTP Security headers into the web response to prevent against HSTS, XSS, X-FRAME and other attacks.
These settings are presently off by default, and may be enabled via the following settings:
{% highlight xml %}
# httpresponse.header.cache=false
# httpresponse.header.hsts=false
# httpresponse.header.xframe=false
# httpresponse.header.xcontent=false
# httpresponse.header.xss=false
{% endhighlight %}
To review and learn more about these options, please visit [this guide][cas-sec-filter].
### Spring Webflow Sessions
The CAS project uses Spring Webflow to manage and orchestrate the authentication process. The conversational state of the
webflow used by CAS is managed by the client which is then passed and tracked throughout various states of the authentication
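Review bot: In the new "Security Response Headers" paragraph, the phrase "to prevent against HSTS, XSS, X-FRAME and other attacks" lists HSTS and X-FRAME as if they were attacks, but both are protections delivered through response headers (Strict-Transport-Security and X-Frame-Options). Suggest naming the threats instead, for example "to help protect against protocol downgrade, XSS, clickjacking and similar attacks". The sample block is tagged "highlight xml" although its content is property keys, so a properties highlighter would fit better. The text also says the settings "may be enabled via the following settings" while the block shows every key commented out with the value false, which matches the stated off-by-default state. The doc should say explicitly that each key has to be uncommented and which value turns the header on.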
......@@ -73,12 +73,7 @@
......@@ -1561,7 +1561,7 @@